MIT students Jeremy Rubin and Dan Elitzer
MIT student Jeremy Rubin (L), a member of Tidbit bitcoin mining tool project, and Dan Elitzer (R), founder of the MIT Bitcoin Club, pose for a photograph at MIT Reuters

Four 19-year-old MIT students who invented an award-winning bitcoin miner that uses Java Script to mine bitcoins on other websites are now embroiled in a court battle over a subpoena from New Jersey state authorities demanding their source code.

In November 2013, Jeremy Rubin, Oliver Song, Kevin King and Carolyn Zhang won the Node.js Knockout Hackathon for their project, Tidbit, and Rubin was later part of an initiative to give all MIT undergraduates $100 (£61) in bitcoins by autumn 2014.

Tidbit works by asking visitors to websites whether they would rather be served advertising or mine bitcoins. If a visitor were to choose the latter, bitcoins could be mined by copying and incorporating a piece of JavaScript code, giving the website another source of income.

The students are based in Boston, Massachusetts, and yet an out-of-state department, the Cyber Fraud Unit of the New Jersey Division of Consumer Affairs, has opened an investigation into their project.

According to Cryptocoins News, the investigation aims to discover whether the tool breached computer security and therefore the Consumer Fraud Act through unauthorised computer access while the tool was being tested by users on the hackathon's website.

The subpoena demands documents and asks 51 questions of the students, including questions that use potentially self-incriminating language:

"all instances where Tidbit, its employees and/or websites utilizing the Bitcoin code accessed consumer computers without express written authorization (sic) or accessed consumer computers beyond what was authorized."

However, Tidbit was only a project and never an actual business, so now the students are being represented by lawyers from the Electronic Frontier Foundation (EFF), a non-profit organisation dedicated to defending the rights of internet users.

Both the EFF and MIT have tried to get the subpoena withdrawn by writing to New Jersey's Deputy Attorney General Glenn Graham and Attorney General John Jay Hoffman, to verify that Tidbit was merely a proof-of-concept and therefore not capable of mining bitcoins.

Bitcoin (virtual currency)
The logo of Bitcoin (virtual currency) is pictured on a door in an illustration picture taken at La Maison du Bitcoin in Paris Reuters

They have also stressed that the now-defunct start-up doesn't even reside in the state of New Jersey, so the state authorities have no jurisdiction to monitor commercial activities anyway, but the Attorney General has still refused to withdraw the subpoena.

Attorneys for the New Jersey State Department maintain that the code for mining bitcoins is "present and active", and the Cyber Fraud Unit's investigator Brian Morgenstern claims to have found the code present on at least three websites registered and located in the state of New Jersey, just two days after Tidbit won the hackathon last year.

The case is now back in court and EFF's Fakhoury will press for the subpoena to be dismissed since the students have disbanded their project and taken down the website with the Tidbit code.

If the subpoena must go ahead, then Fakhoury will request that Tidbit's founders, in particular Rubin, whose name was used to register the website, receive immunity from prosecution.

"While the state certainly has a right to investigate consumer fraud, threatening out-of-state college students with subpoenas isn't the way to do it," EFF staff attorney Hanni Fakhoury said in a statement.

"As MIT students and faculty have warned, the fear that any state can issue broad subpoenas to any student anywhere in the country will have a chilling effect on campus technological innovation beyond Tidbit."